Poproszę O Sprawdzenie Loga

[tbadoo]

Witam.

Wczoraj zauważyłem dość intensywne mielenie dysku. Dziwne w momencie gdy wiem iż nie uruchamiałem żadnych defragmentatorów, nie ściągam nic z neta ani nie robię na tę chwilę żadnych operacji dyskowych. W Monitorze zasobów (Vista Ultimate) zobaczyłem dziwne operacje dyskowe na plikach takich jak filmy, grafika z udziałem pliku svchost. TUTAJ przykład.

 

Zamieszczam też loga z Hijackthis

 

» Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - "SPOILER"

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:21:31, on 2008-07-16

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Windows\System32\oodtray.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\Collins\Watch.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\Taskmgr.exe

C:\Program Files\totalcmd\TOTALCMD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [uVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Aktualizator Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: Aktywacja Testera.lnk = C:\Program Files\Collins\Watch.exe

O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Konwertuj do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Konwertuj miejsce docelowe łącza do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Konwertuj miejsce docelowe łącza do istniejącego pliku PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Konwertuj wybrane łącza do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Konwertuj zaznaczenie do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Konwertuj zaznaczenie do istniejącego pliku PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Subskrybuj w Cafe News - C:\Program Files\CafeNews\addFeed.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe

O13 - Gopher Prefix:

O16 - DPF: {4D21BDFC-A621-4DE6-87DA-7C952D0ADF7E} (P00RecImageCtrl Class) - http://www.dzikipotok.karpacz.pl/www/kam/push04.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\DESKSC~1\deskscapes.dll

O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\DESKSC~1\DesktopControlPanel.dll

O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\DESKSC~1\DreamControl.dll

O23 - Service: Urządzenie mobilne Apple (Apple Mobile Device) - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

 

--

End of file - 9767 bytes

...oraz Combifix

 

» Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - "Combofix"

ComboFix 08-07-14.2 - tbadoo 2008-07-16 11:48:18.1 - NTFSx86

Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.1.1045.18.2086 [GMT 1:00]

Running from: F:\Zasysanie\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((( Files Created from 2008-06-16 to 2008-07-16 )))))))))))))))))))))))))))))))

.

 

2008-07-16 10:21 . 2008-07-16 10:21 <DIR> d-------- C:\Program Files\Trend Micro

2008-07-13 00:41 . 2008-07-13 00:41 <DIR> d-------- C:\Program Files\mkv2vob

2008-07-13 00:08 . 2008-07-13 12:44 <DIR> d-------- C:\Program Files\Red Kawa

2008-07-05 05:42 . 2008-07-05 05:42 <DIR> d-------- C:\Program Files\ASUS

2008-07-05 05:42 . 2006-01-10 17:50 24,576 -ra------ C:\Windows\System32\AsIO.dll

2008-07-05 05:42 . 2005-12-22 11:22 5,685 -ra------ C:\Windows\System32\drivers\AsIO.sys

2008-07-05 05:42 . 2004-09-07 11:41 5,120 --a------ C:\Windows\System32\drivers\AsInsHelp64.sys

2008-07-05 05:42 . 2004-03-10 14:31 3,328 --a------ C:\Windows\System32\drivers\AsInsHelp32.sys

2008-06-28 19:54 . 2008-06-28 19:54 <DIR> dr------- C:\Users\tbadoo\Documents

2008-06-25 15:39 . 2008-06-25 15:39 <DIR> d-------- C:\Program Files\Common Files\Steam

2008-06-25 05:51 . 2008-06-25 05:51 <DIR> d-------- C:\Program Files\Common Files\Microsoft Games

2008-06-21 17:42 . 2008-06-21 17:42 <DIR> d-------- C:\Program Files\xp-AntiSpy

2008-06-17 22:18 . 2008-06-17 22:18 <DIR> d-------- C:\Program Files\GhostScript

2008-06-17 22:16 . 2008-06-17 22:16 <DIR> d-------- C:\Users\All Users\PlotSoft

2008-06-17 22:16 . 2008-06-17 22:16 <DIR> d-------- C:\ProgramData\PlotSoft

2008-06-17 22:16 . 2008-06-17 22:16 <DIR> d-------- C:\Program Files\PlotSoft

2008-06-16 02:09 . 2008-06-16 02:09 <DIR> d-------- C:\Users\tbadoo\AppData\Roaming\Media Player Classic

2008-06-16 01:24 . 2008-06-16 01:24 <DIR> d-------- C:\Users\All Users\Real

2008-06-16 01:24 . 2008-06-16 01:24 <DIR> d-------- C:\Program Files\Real Alternative

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-16 00:57 --------- d-----w C:\Users\tbadoo\AppData\Roaming\Skype

2008-07-15 23:47 --------- d-----w C:\Users\tbadoo\AppData\Roaming\skypePM

2008-07-15 23:29 --------- d-----w C:\ProgramData\Google Updater

2008-07-12 23:41 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-07-12 23:07 --------- d-----w C:\Program Files\Java

2008-07-05 04:42 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-06-26 22:28 33,080 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys

2008-06-26 22:27 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe

2008-06-24 17:42 --------- d-----w C:\Program Files\Common Files\Adobe

2008-06-20 04:05 --------- d-----w C:\Program Files\Google

2008-06-12 20:44 --------- d-----w C:\ProgramData\FLEXnet

2008-06-01 23:54 --------- d-----w C:\Users\tbadoo\AppData\Roaming\uTorrent

2008-06-01 18:39 --------- d-----w C:\Users\tbadoo\AppData\Roaming\GHISLER

2008-05-31 21:23 --------- d-----w C:\ProgramData\Codemasters

2008-05-27 22:33 --------- d-----w C:\ProgramData\Ubisoft

2008-05-26 16:29 --------- d-----w C:\ProgramData\PrettyMay

2008-05-24 16:27 --------- d-----w C:\Users\tbadoo\AppData\Roaming\InstallShield

2008-05-24 15:10 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-05-16 17:38 --------- d-----w C:\Users\tbadoo\AppData\Roaming\Apple Computer

2008-05-16 17:38 --------- d-----w C:\ProgramData\Apple Computer

2008-05-16 17:38 --------- d-----w C:\Program Files\iTunes

2008-05-16 17:38 --------- d-----w C:\Program Files\iPod

2008-05-16 17:37 --------- d-----w C:\Program Files\Bonjour

2008-05-16 17:36 --------- d-----w C:\Program Files\Common Files\Apple

2008-05-10 03:35 564,736 ----a-w C:\Windows\System32\emdmgmt.dll

2008-05-10 03:18 174 --sha-w C:\Program Files\desktop.ini

2008-05-10 03:06 82,432 ----a-w C:\Windows\System32\axaltocm.dll

2008-05-10 03:06 101,888 ----a-w C:\Windows\System32\ifxcardm.dll

2008-05-10 02:46 47,560 ----a-w C:\Windows\System32\SPReview.exe

2008-05-10 02:46 152,576 ----a-w C:\Windows\System32\SPWizUI.dll

2008-05-08 21:59 90,112 ----a-w C:\Windows\System32\wshext.dll

2008-05-08 21:59 430,080 ----a-w C:\Windows\System32\vbscript.dll

2008-05-08 21:59 180,224 ----a-w C:\Windows\System32\scrobj.dll

2008-05-08 21:59 172,032 ----a-w C:\Windows\System32\scrrun.dll

2008-05-08 21:59 155,648 ----a-w C:\Windows\System32\wscript.exe

2008-05-08 21:58 135,168 ----a-w C:\Windows\System32\cscript.exe

2008-04-26 08:25 3,600,952 ----a-w C:\Windows\System32\ntkrnlpa.exe

2008-04-26 08:25 3,549,240 ----a-w C:\Windows\System32\ntoskrnl.exe

2008-04-26 08:08 1,314,816 ----a-w C:\Windows\System32\quartz.dll

2008-04-25 04:35 826,880 ----a-w C:\Windows\System32\wininet.dll

2008-04-23 04:42 428,544 ----a-w C:\Windows\System32\EncDec.dll

2008-04-23 04:42 293,376 ----a-w C:\Windows\System32\psisdecd.dll

2008-03-27 00:56 32 ----a-w C:\Users\All Users\ezsid.dat

2008-03-27 00:56 32 ----a-w C:\ProgramData\ezsid.dat

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]

"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 11:29 220544]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 18:07 1828136]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 17:29 2221352]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-09-12 12:17 340136]

"OODefragTray"="C:\Windows\system32\oodtray.exe" [2007-05-11 02:08 2512392]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-04 18:14 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-04 18:14 8497696]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-04 18:14 81920]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

"Launch Ai Booster"="C:\Program Files\ASUS\Ai Booster\OverClk.exe" [2006-05-05 15:28 3680256]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-06-24 18:42:02 113664]

Aktualizator Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-25 01:53:37 124400]

Aktywacja Testera.lnk - C:\Program Files\Collins\Watch.exe [2008-04-07 02:25:23 354816]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.divxa32"= msaud32_divx.acm

"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm

"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-440180117-4219228251-844210704-1000]

"EnableNotificationsRef"=dword:00000004

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{C29A7793-A29B-4064-B33F-C5F8F777F3ED}"= UDP:E:\Gry\Vista Gry\Crysis\Bin32\Crysis.exe:Crysis_32

"{8212497F-CDD8-4D84-9268-243094DF77E2}"= TCP:E:\Gry\Vista Gry\Crysis\Bin32\Crysis.exe:Crysis_32

"{03D2145B-619D-4E35-929D-23B28FEADA0E}"= UDP:E:\Gry\Vista Gry\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32

"{F7E276F1-14E4-4CA8-BA99-AF0B8408B5E5}"= TCP:E:\Gry\Vista Gry\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32

"TCP Query User{72D30287-60F0-493C-9D46-7C366FCB9352}E:\\programy bez instalacji\\konnekt\\konnekt.exe"= UDP:E:\programy bez instalacji\konnekt\konnekt.exe:Konnekt - Core

"UDP Query User{B3230B08-690D-45EE-B582-DC6724D43852}E:\\programy bez instalacji\\konnekt\\konnekt.exe"= TCP:E:\programy bez instalacji\konnekt\konnekt.exe:Konnekt - Core

"TCP Query User{1C902D09-5573-4606-9F67-D71C13FFA235}E:\\gry\\world of warcraft\\backgrounddownloader.exe"= UDP:E:\gry\world of warcraft\backgrounddownloader.exe:Blizzard Downloader

"UDP Query User{77512D6C-B494-4AB0-97E9-22FDE7BDB2F3}E:\\gry\\world of warcraft\\backgrounddownloader.exe"= TCP:E:\gry\world of warcraft\backgrounddownloader.exe:Blizzard Downloader

"TCP Query User{A7FB1E45-9223-44AA-82D7-59BC6F81DAFB}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"UDP Query User{4B229AA2-BB93-4D8C-AD48-4AE5D4F29BEB}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"TCP Query User{F752C8B5-7FBC-4CA3-86A6-33BBDC5F926F}E:\\programy bez instalacji\\konnekt\\konnekt.exe"= UDP:E:\programy bez instalacji\konnekt\konnekt.exe:Konnekt - Core

"UDP Query User{236FE829-55FA-4558-A163-2967514B8DD1}E:\\programy bez instalacji\\konnekt\\konnekt.exe"= TCP:E:\programy bez instalacji\konnekt\konnekt.exe:Konnekt - Core

"TCP Query User{D7DB66EA-9FAD-4C0B-B88F-286D77757B77}C:\\program files\\flashget\\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet

"UDP Query User{30942120-57AD-4ECD-9BC0-FF961F4D3570}C:\\program files\\flashget\\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet

"{CE109847-A431-4545-820E-53D8F256F4CE}"= UDP:C:\Program Files\CafeNews\CN.exe:Cafe News

"{EA0EA72B-88F5-4651-97D6-B4A111BECC5C}"= TCP:C:\Program Files\CafeNews\CN.exe:Cafe News

"{443780C1-9597-4FA4-BA51-C99417F237A4}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"{FA5B3AC7-09BE-427F-8F96-5CE444B02FE6}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"TCP Query User{B6A05ED8-6BB7-4B50-83BD-3B1D46077C12}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{F3F88D39-F4EA-435D-BB5E-A54262D30FAA}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox

"TCP Query User{5B8EF5D9-C285-454B-B72E-5CC6C52853C9}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule

"UDP Query User{78781D2E-4E72-4DFE-81DA-7CC08CE03284}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule

"TCP Query User{2280A00E-416F-4F8C-89E8-7F3097356AB5}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home

"UDP Query User{1F377CD3-731A-42F2-B204-7AAD6EA824CA}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home

"{D834397C-2840-43CE-8D4F-6AD9BA9B15EF}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{270CACAA-2F25-4A2D-B3DD-F5F723A4B6DA}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{BD045C17-75F5-419E-9D3E-C9BAF9E466F0}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{BB1041FD-A736-44E7-89FE-DBF665B09E64}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{BED94825-769D-4FF2-9F8C-A1A0C832A5EC}"= UDP:E:\Gry\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9

"{5A9C56F1-CFBA-4CAE-9CAB-EF9076B270CE}"= TCP:E:\Gry\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9

"{C6878DFC-B753-41D5-BE53-2B3083CF904F}"= UDP:E:\Gry\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10

"{550FA97E-8E2A-4BCE-A027-89D25C937E6A}"= TCP:E:\Gry\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10

"{9FAD179B-89C0-4F67-947B-E22286AA20BE}"= UDP:E:\Gry\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update

"{3EAB1BE6-636E-4ACE-A07A-82EC11CEA19C}"= TCP:E:\Gry\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update

"TCP Query User{89106006-6582-460C-9FE1-76B8C930462E}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent

"UDP Query User{FD10715A-56BF-4F75-B460-DB1C899F874E}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent

"TCP Query User{10C962A2-5879-4C14-AE00-2E32F78881BB}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"UDP Query User{13AB4084-CEAD-42F3-9A55-5A9CF3DAE67F}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"{C530D1D0-87AB-4CAD-A7BF-F955F774D275}"= UDP:E:\Gry\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

"{4CEFBDA2-3E8D-413C-898F-21608D4AE83E}"= TCP:E:\Gry\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

"TCP Query User{36F469CF-E632-4C3A-9393-2B91EF9915C0}C:\\program files\\nero\\nero8\\nero mediahome\\nmmediaserver.exe"= UDP:C:\program files\nero\nero8\nero mediahome\nmmediaserver.exe:Nero MediaHome

"UDP Query User{59A1D2CF-B52F-4176-9A58-C0141A3D4D1B}C:\\program files\\nero\\nero8\\nero mediahome\\nmmediaserver.exe"= TCP:C:\program files\nero\nero8\nero mediahome\nmmediaserver.exe:Nero MediaHome

"TCP Query User{6A822A3C-0702-4B91-B53D-AC323780D082}C:\\program files\\java\\jre1.6.0_05\\bin\\javaw.exe"= UDP:C:\program files\java\jre1.6.0_05\bin\javaw.exe:Java Platform SE binary

"UDP Query User{161FF591-EBC6-4F92-B552-D16327BB6390}C:\\program files\\java\\jre1.6.0_05\\bin\\javaw.exe"= TCP:C:\program files\java\jre1.6.0_05\bin\javaw.exe:Java Platform SE binary

 

R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 10:51]

S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2007-11-13 19:35]

S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-06-25 15:39]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

\shell\AutoRun\command - H:\VMC_PBStarter.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{996500f4-9201-11dc-99cb-000ea6f1d4dd}]

\shell\AutoRun\command - J:\autorun.exe

\shell\setup\command - J:\setup.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c865eb2d-0bb9-11dd-9a70-000ea6f1d4dd}]

\shell\AutoRun\command - I:\InstallTomTomHOME.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da67033b-9ea0-11dc-93b1-806e6f6e6963}]

\shell\AutoRun\command - H:\VMC_PBStarter.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da670409-9ea0-11dc-93b1-000ea6f1d4dd}]

\shell\AutoRun\command - H:\VMC_PBStarter.exe

 

*Newly Created Service* - CATCHME

.

Contents of the 'Scheduled Tasks' folder

"2008-07-16 09:03:15 C:\Windows\Tasks\User_Feed_Synchronization-{407E79F3-734B-410F-A699-074082EF5F27}.job"

- C:\Windows\system32\msfeedssync.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-16 11:50:07

Windows 6.0.6001 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-07-16 11:51:07

ComboFix-quarantined-files.txt 2008-07-16 10:51:04

 

Pre-Run: 5,361,139,712 bajtów wolnych

Post-Run: 7,006,216,192 bajtów wolnych

 

188 --- E O F --- 2008-07-16 01:35:06

Edytowane 16 Lipca 2008 przez tbadoo

[Kolobos]

Moze defender mieli, wylacz go, wylacz tez zbedne programy w msconfig.

[tbadoo]

Zrobione, to co mi zostało w MSCONFIG

Defender wyłączony

Nie pomogło, dalej mieli mi, zwłaszcza filmy w różnych katalogach na osobnych partycjach. Nie wiem o co biega. Ktoś ciągnie ode mnie bez mojej wiedzy?

Chyba czas na reinstall systemu 8O

[Kolobos]

Pewnie to indeksowanie plikow ulatwiajace wyszukiwanie. sprobuj wylaczyc:

http://www.mydigitallife.info/2007/09/17/d...dexing-service/

[tbadoo]

Wydaje mi się że pomogło, dziękuję 8O

 

EDIT: Jednak nie, indeksowanie wyłączone na wszystkich dyskach (włącznie z podkatalogami i plikami), jednak ta sama sytuacja dziś po włączeniu kompa, mieli mi plik iso ok 4GB, który wczoraj w nocy ściągnąłem i rozpakowałem.

Edytowane 17 Lipca 2008 przez tbadoo

[Kolobos]

Dalej svchost? Jezeli tak to uruchom: tasklist /svc i zobacz co dany svchost uruchomil.

[tbadoo]

Dalej svchost? Jezeli tak to uruchom: tasklist /svc i zobacz co dany svchost uruchomil.

Jestem po reinstalce systemu, zmieniłem na Vistę x64 ze wzgl na RAM. Poobserwuję tutaj i napiszę jak coś, na razie wyłączyłem indeksowanie ale wydaje mi się że będzie to samo.

 

Ok, ale jak to uruchomić? Spod Uruchom... wyskakuje mi tylko na ułamek sec okienko dosowe i znika, natomiast w konsoli dosowej nie rozpoznaje mi tej komendy.

Edytowane 19 Lipca 2008 przez tbadoo

[Aquarium]

Jestem po reinstalce systemu, zmieniłem na Vistę x64 ze wzgl na RAM. Poobserwuję tutaj i napiszę jak coś, na razie wyłączyłem indeksowanie ale wydaje mi się że będzie to samo.

 

Ok, ale jak to uruchomić? Spod Uruchom... wyskakuje mi tylko na ułamek sec okienko dosowe i znika, natomiast w konsoli dosowej nie rozpoznaje mi tej komendy.

start/uruchom/cmd i jedziesz...